Watch Out for These Common Credit Union Scams

1. Scammers Impersonating Credit Unions
2. Other Types of Fraud Designed to Steal Your Money
3. Protect Yourself from Credit Union Impersonators
4. How Can I Detect a Scam?
5. What Should You Do if You Are a Victim of a Scam?

Every day, more than 300,000 internet fraud complaints are received on average. Many more occur by text, phone, social media, and other ways. The Federal Trade Commission (FTC) received more than 2.2 million fraud reports last year, which accounted for more than $3.3 billion in losses.

Scammers are trying to steal your money by impersonating credit union employees or scheming to trick you into using your credit union’s debit card, credit card, checking, or savings account to send them money.

Scammers Impersonating Credit Unions

Scammers will use all sorts of tricks to get you to believe you are communicating with an actual credit union employee. The most common scams happen over emails, text messages, and phone calls.

Email or Text Scams

You might receive an email or text message that appears to come from your credit union. Most commonly, they’ll claim you have a suspicious charge to your debit card or checking account and need some information to restore your account or confirm your identity.

They will ask you to provide your personal information, account or card numbers, PINs, or passwords to gain access, take over your account, and steal your money.

The email or texts may appear to be legitimate. In some cases, they may direct you to a website that looks almost exactly like the actual credit union site to trick you into entering your passwords.

These are called phishing (email) or smishing (text) scams.

Phone Calls

Scammers may also pose as credit union employees and claim they need to discuss an important matter related to your account. They will ask you to answer a few questions to verify your identity.

As you are relaying the information, the scammers might be accessing your account online with the information you provide. That may trigger a 2FA code or PIN sent to your phone, which the scammer will ask you to give them. Since the caller tells you they are from the credit union and that they initiated the PIN request, it may appear to be legitimate.

Once they get into your account, they change the password to lock you out and empty your account. Some scammers can spoof phone numbers to make them appear like a local number or display the credit union's name.

These are called vishing (voice phishing) scams.

Commonly Impersonated Credit Unions

Scammers usually target credit unions that have many customers or those who suffered a data breach. Some commonly impersonated credit unions include:

• Navy Federal Credit Union
• Alliant Credit Union
• First Financial Credit Union

Credit unions that have suffered data breaches and other organizational data breaches that could affect your credit union include:

• Envision Credit Union (2021)
• Ardent Credit Union (2021)
• Reliant Federal Credit Union (2021)
• Credit Union National Association (2020)
• Microsoft (2019)
• American Bank (2020)

Other Types of Fraud Designed to Steal Your Money

Besides someone impersonating a credit union employee, scammers may also try to steal your money by employing other common scams and getting you to pay them from your credit union accounts.

For example:

• Romance scams: Scammers create fake online dating profiles or contact you via social media or email to start a relationship. At some point, they ask for money to help with travel or emergency expenses.
• Secret shoppers: Scammers pose as companies that offer to pay you to shop anonymously to report on customer service or try products but ask for an upfront payment or credit card information.
• Gifts or lotteries: An email may tell you that you’ve won a lottery or have a gift coming your way, but you need to send delivery or processing fees to claim your winnings. 
• Grandparents’ scams: A scammer poses as a grandchild or relative that urgently needs money for an emergency. These scammers target grandparents. 
• Tech support: Scammers pose as computer technicians (commonly from Apple), telling you that malware or viruses have been found on your computer and offering to fix the problem for a fee. Unfortunately, you'll often get scammed twice—when you pay the fee and again after the scammers put malware on your computer. The malware allows scammers to steal your personal information or get your account information.
• Government scams: Scammers often impersonate government agencies, such as the IRS, Medicare, or Social Security. They may threaten to suspend your Social Security number, cut off your Medicare payments, or arrest you for non-payment of taxes.
• Credit repair scams: Scammers may offer to repair your credit report if you give them access to your account to check information.
• Fake charities: Criminals take advantage of people’s good nature and willingness to help by putting up fake websites, calling, emailing, or texting to get you to donate. For an unsolicited request, you should always verify the charity independently to ensure it’s not a scam.

These scams may direct you to transfer money from your credit union accounts, debit cards, or credit cards.

Protect Yourself from Credit Union Impersonators

There are some simple ways you can protect yourself from becoming the victim of a credit union scam run by impersonators:

• Never share personal information by text message. Legitimate attempts to validate card activity from a credit union will require only "yes" or "no" responses.
• If an email or text message includes a link to a phone number or website, don’t click on it. Instead, look up the credit union’s phone number online and call that number instead.
  • If you want to check on something online, make sure you go to the credit union’s website and not a link someone sent you. Links can appear legitimate and even use the credit union’s name but direct you to a different website or a site that seems legitimate but really belongs to the scammer.
• If you did not initiate the call to your credit union, do not give out any personal information, such as account numbers, credit or debit card numbers, passwords, or PINs. Instead, hang up and call your credit union directly using the number on their website.
• Don’t download attachments within texts or emails. 
• Avoid social media quizzes or questions that ask for personally identifiable information. They may be from scammers trying to get information to breach your credit union account.
  • For example, social media posts that ask people the name of their first pet, the car they drove to get their driver’s license, or their first job may very well be scammers looking for the information to verify identity when logging into your account.
• Block scam calls and text messages on your phone so scammers can't reach you. 

The saying “if it’s too good to be true, it probably is” applies here. You can’t win a lottery if you didn’t enter it. Your grandchild probably isn’t calling for an emergency. A government agency will never contact you and threaten to have you arrested.

If you are unsure whether something is a scam, there’s an easy solution. Delete the email, don’t respond to the text message or social media messages, or hang up the phone. If you have concerns that what they are telling you is not valid, contact the appropriate credit union, company, or agency directly using their verified contact information before authorizing any payment.

How Can I Detect a Scam?

A good rule of thumb is to assume any of the above scenarios is a scam. Start by being suspicious and doing an independent investigation, and don’t rely on information from the scammers.

Here are some of the red flags to look for:

• Spoofed phone numbers, website names, and emails. Scammers may include logos or even legitimate links to credit union resources to fool you. In some cases, an email may have a name that sounds close to the real name.
• Suspicious URLs. These often contain similar letters or numbers to mimic the legitimate credit union's website. For example, your credit union’s email address may end in @firstcreditunion.com. Scammers may use a variation to trick you, such as @1stcreditunion.com.
• Poor grammar and typos. Scammers often send out lots of fake emails quickly, which leads to misspelled words, typos, or poor grammar.
• Urgent requests. Be suspicious of anything that requires urgent attention, such as an unauthorized login attempt or a charge on your account.
• A call, email, or text message from a government agency. Government agencies will never contact you unsolicited by phone, email, text, or social media. All contacts will be via mail.

What Should You Do if You Are a Victim of a Scam?

If you are the victim of a scam by someone impersonating your credit union, you should contact your credit union immediately to let them know what’s going on. Provide as many details as possible, including the date and amount of any transaction. Depending on the type of scam and how long you wait to report it, you may or may not be able to recoup some of your losses.

Can I Get My Money Back from a Scam?

• Debit card: Note that you will not have access to the money until the dispute is resolved.
  • If you contact your credit union within two days of discovering the fraud, your liability is limited to $50.
  • If you wait more than two days, you will be responsible for the first $500 lost.
  • If you wait more than 60 days, you will be unable to recover any money from the scam. 
• Electronic transfers: Under the Electronic Fund Transfer Act, you have:
  • $50 liability for fraudulent transactions reported within two days
  • $500 liability for scams reported between 2 and 60 days
  • No protection if you wait to report fraud after 60 days.
• Credit cards: Credit cards, whether they are from your credit union or another card issuer, have different rules, however. The National Credit Union Administration says your total liability for fraudulent credit card transactions is $50. You have no liability if you still have the card in your hands and a scammer uses it in an unauthorized transaction. Many credit unions and credit cards offer $0 liability for all unauthorized charges. However, keep in mind that in many scams, the scammers get you to authorize payments.

If the scam affected your debit card, credit card, or bank account, you will likely need to close your account and get a new card or account to prevent scammers from making additional fraudulent transactions.

Where Should I Report Scams?

Besides reporting the scam to the credit union, you should also report it to several government agencies. Reporting it will help agencies track scams and make other consumers aware of what the scammers are doing. The reports may also help you document the fraud in case you need proof to recover any money lost.

If you’ve lost money because of fraud, you should report it to:

• The Federal Trade Commission
• The FBI‘s Internet Crime Complaint Center (IC3) (for any scam that occurred online)
• The Consumer Financial Protection Bureau (CFPB)
• Your state’s Attorney General's Office or Consumer Protection Office

Protect Against Additional Fraud

You should also alert the consumer credit reporting bureaus if you gave the scammer your Social Security number (SSN). Place a fraud alert with Equifax, Experian, or TransUnion. Once you notify one credit agency about a fraud alert, they will inform the others.

• Equifax
• Experian
• TransUnion

You can ask for a fraud alert to be placed on your account by mail, but the credit bureaus recommend reporting it online or by phone. A fraud alert will notify potential lenders to contact you directly before authorizing a new loan or credit card.

You can also freeze your credit, limiting access to your credit report. This will stop anyone from establishing new credit in your name (including you).

You can also request a credit freeze by mail. However, unlike a fraud alert, you must request a credit freeze from each of the credit bureaus separately.